CVE-2020-12641: rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...

Severity: Critical

CVSS Score: 9.8

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.